"People are, unsurprisingly, upset that Microsoft have imposed UEFI Secure Boot on the x86 market. A situation in which one company gets to determine which software will boot on systems by default is obviously open to abuse. What's more surprising is that many of the people who are upset about this are completely fine with encouraging people to buy Chromebooks. Out of the box, Chromebooks are even more locked down than Windows 8 machines." Good point.

is there a GUI to replace keys ? no (although there are scripts to do so). is it possible to wipe/replace the keys ? yes -- toggle the hardware write protect. thus you are provably wrong.

is the bios source released for *any* device shipping windows 8 ? pretty sure not. how about any mobo out there where the target is windows ? no ? how about chromebooks ? ignoring the first 3 devices, the code is published for devices since released (coreboot & u-boot and the embedded controller [ec] that manages the keyboard/battery/etc...).

so go ahead, download the source, build it & embed whatever keys you want, and flash the device. now you have a fully secure system where only you own the keys.